Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the

Tom Lane <tgl@sss.pgh.pa.us>

Commit: 0407c835c81f47313058e7c41f354a57278f1311
Author: Tom Lane <tgl@sss.pgh.pa.us>
Date: 2009-10-16T22:09:08Z
Releases: 8.0.23
Rewrite pam_passwd_conv_proc to be more robust: avoid assuming that the
pam_message array contains exactly one PAM_PROMPT_ECHO_OFF message.
Instead, deal with however many messages there are, and don't throw error
for PAM_ERROR_MSG and PAM_TEXT_INFO messages.  This logic is borrowed from
openssh 5.2p1, which hopefully has seen more real-world PAM usage than we
have.  Per bug #5121 from Ryan Douglas, which turned out to be caused by
the conv_proc being called with zero messages.  Apparently that is normal
behavior given the combination of Linux pam_krb5 with MS Active Directory
as the domain controller.

Patch all the way back, since this code has been essentially untouched
since 7.4.  (Surprising we've not heard complaints before.)

Files

PathChange+/−
src/backend/libpq/auth.c modified +82 −50